On 4/13/21 5:06 PM, Roger Heflin wrote:
sestatus will show the current status.
if enforcing then something may not be functioning as designed.
if permissive then it will report it is blocking when it is not, and
if you set it enforcing then something would probably break.
if you set it permissive at one time then it will stay set permissive.
It is "enforcing":
bash.1[~]: su -
Password:
-bash.1[~]: sestatus -v
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
Process contexts:
Current context:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context: system_u:system_r:init_t:s0
File contexts:
Controlling terminal: unconfined_u:object_r:user_devpts_t:s0
/etc/passwd system_u:object_r:passwd_file_t:s0
/etc/shadow system_u:object_r:shadow_t:s0
/bin/bash system_u:object_r:shell_exec_t:s0
/bin/login system_u:object_r:login_exec_t:s0
/bin/sh system_u:object_r:bin_t:s0 ->
system_u:object_r:shell_exec_t:s0
/sbin/agetty system_u:object_r:getty_exec_t:s0
/sbin/init system_u:object_r:bin_t:s0 ->
system_u:object_r:init_exec_t:s0
/usr/sbin/sshd system_u:object_r:sshd_exec_t:s0
/lib/libc.so.6 system_u:object_r:lib_t:s0 ->
system_u:object_r:lib_t:s0
/lib/ld-linux.so.2 system_u:object_r:lib_t:s0 ->
system_u:object_r:ld_so_t:s0
-bash.2[~]:
On Tue, Apr 13, 2021 at 4:56 PM home user <mattisonw@xxxxxxxxxxx> wrote:
On 4/13/21 2:24 PM, Roger Heflin wrote:
Are you running permissive or enforcing? >
if permissive then it does not block anything, but says it is blocking
if enforcing it is blocking something, though it may be a
pointless/useless interface feature of some sort that does not matter,
and does not really affect functionality.
And it might be some sort of sub process that is failing to do
something that may or may not matter.
When I first installed this system 8 years ago, SELinux was there by
default. My knowledge of it is very high level and superficial. I
don't recall ever setting anything either of those 2 ways; I'm running
whatever the default is. I don't know the answer to your question, nor
do I know how to find out.
I do need to find a better way to reproduce the problem and test fixes
(like the restorecon command you suggested). Currently, it seems I get
the problem only the first 1 or 2 times per login, per boot, or per day
(I haven't yet figured out which). I also want to figure out if the
problem is limited to caja, or if "files" also has the problem.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure